Fake email Invoices April 2015 with attached malicious Word file


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subjects like:

Financial information: Invoices April 2015
Important notice: Invoices April 2015
Important information: Invoices April 2015
Need your attention: Invoices April 2015

This email is send from the spoofed address and has the following body:

Congratulations
Hope you are well

Please find attached the statement that matches back to your invoices.

Can you please sign and return.

Robin Wolfe

Dear Sir/Madam,

I trust this email finds you well,

Please see attached file regarding clients recent bill. Should you need further assistances lease feel free to email us.

Best Regards,

Sophia Watts
Accounts Receivables

Good morning

Hi,
Please find attached a recharge invoice for your broadband.

Many thanks,
Tabatha Murphy

The 49kB large attached file is named veizaioj_87B9A16BB5.doc (characters will vary) is a malicious Word file with embedded macro that will download other malware on the system.

The Word file is labelled as Malware!9f6e by 1 of the 57 AV engines at Virus Total.

Use the Virus Total for more detailed information.
SHA256: fbc58f82f9231d8ee7598aa7da82a2f67e5f8d85297bd12373a5f2f29e738314

MX Lab recommends not to open any of the above attached Word files or at least disable macros by default.